If you are going to tell people the truth, be funny or they will kill you.

Monday, March 15, 2010

Microsoft Offers Temp Measure for Most Recent IE Flaw

While the IT world grinds its teeth waiting for Redmond to issue a permanent fix to close the weaknesses in Internet Explorer noted in Security Advisory 981374, the software giant has released two "Fix It" solutions to hopefully limit the impacts of the exploits currently being noted in the wild.

Microsoft claims that the first stopgap is a "solution for peer factory in iepeers.dll," while the second fix enables Data Execution Prevention (DEP) for those versions of Internet Explorer that happen to support DEP.

Both measures can be downloaded to a USB flash drive and run on affected machines one at a time. That's helpful for home users or a small IT shop, but it's not particularly scalable to the enterprise environment, and there doesn't seem to be any mention of automated deployment methods.

Read the updated advisory to get the details regarding which IE/Windows versions are at risk and to download the "Fit It" code, and make sure you have a plan to roll back the changes if you notice anything not working properly after you run the fix.

No word yet on when Microsoft plans on formally releasing a patch, but with exploit code being posted online, the pressure is on to get something out quickly. We'll see if this means another out-of-band critical patch release.